System information:
ArubaOS (MODEL: Aruba7210), Version 6.3.1.1
ClearPass Policy Manager 6.2.4.58896 on CP-HW-500 platform
problem description:
Currently have onboarding setup and working in my customers environment so long as I have an 'allow-all' assigned to the user role that the devices are getting onboarded from.
As soon as I take away this 'allow-all' I can still onboard from android and ios, but when it comes to onboardng a macbook (running maverick) I am unable to onboard. I am able to reach the onboarding landing page, and receive the configuration profile installer. When I run the profile installer it times out and fails the install.
The traffic for the client at the controller that is going to clearpass is all on https 443 and is all being allowed. This works fine for ios as I already mentioned. I cannot see any deny's for the client at the controller firewall so am perplexed as to what I am not allowing that is causing the fail on the macbook. Putting the 'allow-all' back on the role allows me to onboard again but obviously I don't want an allow all on this role.
Anybody know what I need to allow at the firewall to allow the user to onboard other than??:
user -> clearpass -> http -> allow
user -> clearpass -> https -> allow
Any help is much appreciated.